jave.web

I’m reporting that even after latest updates of both Ultimate Member plugin and this recaptcha plugin we are still getting russian-attack-like accounts (like 10 per day) all somehow bypassing the captcha.

I had this error too and there were API errors all over the place.
What I actually needed to do was to UPGRADE WORDPRESS VERSION and then upgrade the redirection database went just fine.

Ok, so I guess I’ve kind of debugged the issue – it is probably caused by some invalid CSS, that is somehow still magically compiled, it only came on surface after I’ve removed all /* multiline comments */ only then it crashed and then I was able to fix it. After changing all comments to // one line comemnts and fixing all “unclosed block” errors, it seems to work properly again ??

I just got it and it’s available and working, although Gutenberg is the main issue here – this plugin can have 400photos in folder with no problem, seamlessly integrating into media library, but the Gutenberg gallery block is evil.

@remgronl

If you need v1.1.1, you can still just replace the scssphp folder with the newer version of ScssPhp, but you have to do 2 more steps within the plugin itself:

1. bulk update the new namespace change in the WP-SCSS plugin:

Replace ALL occurrences of Leafo\ScssPhp with ScssPhp\ScssPhp

(currently, it should be 9 occurrences in 3 files:

wp-content/plugins/wp-scss/options.php
wp-content/plugins/wp-scss/wp-scss.php
wp-content/plugins/wp-scss/class/class-wp-scss.php

2. update the namespace stored in options as the compile option

And as a quick hotfix in
wp-content/plugins/wp-scss/wp-scss.php

after this line (probably around line 115):

$wpscss_options = get_option( 'wpscss_options' );

insert this:

// TMP HOTFIX
$wpscss_options['compiling_options'] = str_replace('Leafo\ScssPhp\Formatter', 'ScssPhp\ScssPhp\Formatter', $wpscss_options['compiling_options']);

(Proper fix would be replacing the option in DB which I was not able to find quickly, but this works ?? )

Any input from @ithemes ? ??

@nlpro I’m glad we’re on the same page – yes the confirmation message with resulting URL & ajax-way is something I think was added along the way – and this time it saved some time ?? (I think a few years ago it wasn’t there). (And yes I have MANY years of programming in general and WP experience, but one can always learn new stuff or overlook! ?? )

Accented characters and other URL-funky stuff is usually not something that would be considered “basic url path char” which is usually considered a-z, A-Z, 0-9, -, _,. (I’m mean generally, not doc-precisely)

Anyways apart from phrasing I’m now realizing the problem is much deeper – the plugin even LETS you save that – there should be pre-validation BEFORE it even lets you save the slug ?? ! That would ultimately resolve everything.

@nlpro I think you confuse HTML attribute and PHP key “title” (which sanitize_title is exactly for) with post title which is not altered this way on post save and it wouldn’t even make any sense to do so ??

What is true, is authors may have refferred to the post title => post slug sanitization, which is not clear at first sight.

Nevertheless – even if it would – this is still something that should be explicitly mentioned – we’re talking admin access, not some funky heading view with which everybody could live ??

@ipstenu let me rewrite this for you a bit:

The reason I don’t feel it has to be a real title or description is that many of people who use WordPress sites don’t have anyone looking at it but themselves. For a site that has a lot of people looking at it, obviously it’s different. But thanks why the plugins exist

– would you like to remove title & description too?

It is an identification, every identification must have an option to be changed. Current site Title and site Description can be changed too, description after install, but still, you CAN change it…

One must be able to change both – sender name and sender email.

I agree with @schulz.

@wfphil done. ??

Well it is called “WP-SCSS“, it says nothing about sass and they even say that in this FAQ

Can I use .sass syntax with this Plugin?
This plugin will only work with .scss format.

So, in my opinion, rating it 3 stars because it doesn’t do what it is not supposed to do seems at least a bit unfair ??

As for why – the sass syntax vs scss syntax – scss is more css-like, better compatibility with css – direct embeding of existing css, sass syntax may be shorter but paradoxically that and the fact it is using whitespace is also the downside of it – there is a reaason why SCSS is now the main syntax for SASS.

Nice comparsion is on https://thesassway.com/editorial/sass-vs-scss-which-syntax-is-better

Well I’ve tried full high sensitivity scan with everything checked, including
Scan files outside your WordPress installation
Scan images, binary, and other files as if they were executable
And it did not find the icon file actually having malicious PHP content…

Also PHPs with includes of the actual malicious file were not popped with any warning – it is not normal to write basic characters as character codes e.g. \157 instead of o etc…

Altough strange thing is that when I wrote a custom file scanner which scanned everything “as if they were executable”. It was found…

And in general – scan does not always have to do a full scan of the file content – starting with e.g. “does this image even have a image/* mime type” is a good first-sign something’s wrong when common extensions don’t match the mime type they should have…

@ultimatemembersupport Upgrading DB had rewritten some of media URLs (which were NOT ultimate-member’s…)

I must confirm that this rewriting happened for media uploaded since the security upgrade till now. (It could be bug in the previous version)

…

• This reply was modified 6 years, 3 months ago by jave.web.